A. Internet as a Service, Platform as a Service, and Storage as a Service.B. Infrastructure as a Service, Platform as a Service, and Storage as a Service.C. Infrastructure as a Service, Platform as a Service, and Software as a Service.D. Internet as a Service, Product as a Service, and Storage as a Service.E. Internet as a Service, Platform as a Service, and Software as a Service.

Answer: C

QUESTION 513Refer to the exhibit. A customer interconnected hundreds of branch offices into a single DMVPN network, with the HUB in the main data center. Due to security policies, the customer requires that the default route for all Internet traffic from the users at the branches must go through the tunnel and the only connections that are allowed to and from the branch router over the local internet circuit are the DMVPN tunnels. Which two combined actions must you take on the branch router to address these security requirements and keep the solution scalable? (Choose two)

A. Place the WAN interface in a front-door VRF, leaving the tunnel interface in the default routing instanceB. Protect the WAN interface by an inbound ACL that permits only IPsec-related trafficC. Implement a zone-based firewall that allows only IPsec-related traffic from zone UNTRUSTED to zone TRUSTEDD. Add a host route for the public IP address of each remote branch and HUB routers that points directly to the local ISP, and add a default route that points to the tunnelE. Use a floating default route with the preferred path over the tunnel and a backup path over the Internet natively

Answer: AB

QUESTION 514What is a design application of control plane policing?

A. CPP protects the control plane from reconnaissance and or denial-of-service attacksB. CPP protects the forwarding plane by rate 璴imiting excessive routing protocol trafficC. CPP protects the forwarding plane by allowing legitimate traffic and dropping excessive trafficD. CPP drop malformed packet that are sent to the CPU

QUESTION 516An operations engineer asks for your help with a new switching deployment. The engineer confirms that STP is enabled on an edge switch, and a particular port is connected to another switch. The switch is not receiving configuration BPDUs, although it appears that everything is functioning correctly in the network. What is the design explanation?

A. Bridge Assurance is enabled on the portB. Storm control broadcast is enabled on the portC. REP is enabled on the portD. BPDU Guard is enabled on the port

Answer: C

QUESTION 517What are two possible drawbacks of ending Loop-Free Alternate to support fast convergence for most destination IGP prefixes? (Choose two)

A. The IGP topology might need to be adjustB. Loop-free alternate’s convergence in less than 100 milliseconds is not possibleC. Loop-free alternate’s are supported only for prefixes that are considered external tot the IGPD. Loop-free alternates are not supported in global VPN VRF OSPF instancesE. Additional path computations are needed

Answer: AE

QUESTION 518Which option is a design consideration when using routers in a distributed hardware architecture?

A. Routing information is stored in the RIB and the FIB makes forwarding decisions as programmed on the line card hardwareB. After a link failure occurs in the core, the RIB continues to forward the traffic while FIB convergence is in progressC. BGP routes are stored in the RIB and IGP routes are stored in the FIBD. IP routes are stored in the RIB and MPLS labels are stored in the FIB

Answer: A

QUESTION 519Refer to the Exhibit. In which three Layers should you use nonstop Forwarding to reduce service impact in case of failure? (Choose three)

QUESTION 521A financial trading organization plans to monitor the network latency for multicast data feeds on a hop-by-hop basis. Which technology should be added to their design to support this requirement?